yum ignores values it does not understand and dnf by default installs weak
dependecies, after talking to the FPC we should disable weka deps and
anything needed should be pulled in explicitly
Signed-off-by: Dennis Gilmore <dennis@ausil.us>
Supermin needs access to the pristine RPMs from which the buildroot
is installed, in order to grab the /etc (configuration) files into
the libguestfs appliance (the binaries etc are not baked into the
appliance for obvious security/maintainability reasons).
For years we got these from the yum cache, but problem: dnf defaults
to keepcache=0 and so doesn't save these RPMs.
Therefore enable keepcache like yum.
From https://fedorahosted.org/rel-eng/ticket/6274
Signed-off-by: Dennis Gilmore <dennis@ausil.us>
In python 2.7.9, a context option was added to httplib.HTTPSConnection and
changed its behavior to performs certificate and hostname checks by default.
While this is definitely an improvement, we were relying on the old behavior.
This change restores that (until we can switch to proper verification).
The client CA is only needed to for authentication on the server side,
not for authentication on the client side. Therefore remove it from all
client login code.
60 is not enough to process a full release like Rawhide and last I
checked the code to use a different timeout than the default timeout
does not work. Therefore use a working default value.
Signed-off-by: Till Maas <opensource@till.name>
Kerberos authentication will fail if the server principal uses a CNAME. Resolving
the hostname in the server URL to the canonical hostname associated with the IP
address allows authentication to succeed.
Commit 4de27c52de made Koji to not retry
on SSL errors.
However, it turns out that some SSL errors are transient, and Koji
should still retry for them.
This commit changes that, so that we are more specific about which SSL
errors should be fatal: expired or revoked certificates.
https://bugzilla.redhat.com/show_bug.cgi?id=1207178
With the current code, trying to SSL-login with a bad certificate will
just make it look like the client code is hanging.
That's because it tries and tries again, silently, until it reaches it's
maximum retry limit.
But in the case of an SSL error, such as an expired client cert, there's
really no point in retrying.
Citing from reindent docs:
Change Python (.py) files to use 4-space indents and no hard tab
characters. Also trim excess spaces and tabs from ends of lines, and
remove empty lines at the end of files. Also ensure the last line
ends with a newline.
Citing from PEP 8:
Use 4 spaces per indentation level.
Python 2 code indented with a mixture of tabs and spaces should be
converted to using spaces exclusively.
Don't write string literals that rely on significant trailing
whitespace. Such trailing whitespace is visually indistinguishable
and some editors (or more recently, reindent.py) will trim them.
Also PyLint recommends not to have trailing whitespace on any line.
The mergeScratch() method allows importing rpms built by a scratch build into an existing build, if that build
did not produce rpms matching the arch of the scratch build. This is useful for bootstrapping a new arch into
existing builds, and avoiding a mass-rebuild to add arch support.
